If you have Windows 8 or Windows 10, Microsoft's Windows Defender is ready and waiting to protect you against malware. However, our tests show that you're better off with a free add-on antivirus solution.

Why should you pay a nickel for antivirus protection when it's already built into the operating system? If you're using Windows 8 or Windows 10, you've got Microsoft Windows Defender already, right? Well, it turns out you probably should look for something more powerful. Although Windows Defender seems to be improving, my hands-on testing convinced me that you'd be better off using a paid antivirus utility or a top-tier third-party free antivirus.

In Windows 10, Defender automatically shuts down if Security Center detects that you've got another antivirus installed. And it automatically joins the fight if you don't have other protection. The biggest reason for Defender's existence is to make sure that everybody has at least some degree of protection. Studies have shown a kind of herd immunity in the antivirus world. That is, when the people around you have protection installed, you're safer even if you have none yourself. But that doesn't mean you should rely on it; personal immunity is way stronger than herd immunity.

Don't be confused by the tool confusingly called Windows Defender in Windows 7 and Windows Vista. That's a completely different program, with a much narrower protective scope. Users of Windows 7 and Vista can download Microsoft Security Essentials, a tool that matches many features of the current Windows Defender but omits some of its most advanced features. This review specifically covers Windows Defender, not Microsoft Security Essentials.

Installation Not Required Naturally Windows Defender requires no installation. It's already there! If you have no other antivirus, it should be up and running, but it couldn't hurt to check. Tap the Windows key, type defender, and launch it. In the resulting screen you should see an image of a monitor with a white checkmark on green. But don't try this if you already have another antivirus. You'll just get a notice that Defender is turned off.

This tool has almost no settings. You can turn off real-time protection, disable the feature that sends Microsoft non-personal information about security problems, and force it to ask permission before sending suspect files to Microsoft for analysis. That's it. Most users should leave all three settings turned on.

With many third-party free antivirus utilities, you get a ton of bonus tools above and beyond the basic antivirus functions. For example, AVG AntiVirus Free (2016) includes a file shredder for secure deletion, a component that actively blocks ad networks from tracking your browsing habits, and a rating tool that flags potentially unsafe websites. Defender sticks to the single task of keeping your system safe from malware. Avast Free Antivirus 2016 scans your network and router for security problems, optimizes your system, and manages your passwords.

Improved Lab Results In the past, Microsoft's antivirus technology has turned in some really dreadful lab test scores, even scoring below zero in some tests. Microsoft's antivirus team has contended that these scores don't reflect the real world, and that their own telemetry shows success. That might well be true, but third-party validation is really nice to have. It's clear that the Microsoft team has increased efforts to demonstrate antivirus accuracy in ways that the labs can reproduce.

Researchers at AV-Test Institute rate antivirus products on protection against malware attack, low performance impact, and low false positives (usability), with six points available for each. Microsoft's scores for usability and performance were fine, 6.0 and 5.0 points respectively. But it got just 3.0 points for the essential task of protection. AV-Test treats Microsoft as a baseline, meaning any product that scored lower needs work. Top score in this test, 18 out of a possible 18 points, goes to Kaspersky Anti-Virus (2016).

AV-Comparatives also treats Microsoft as a baseline, omitting it from reported results but explaining in a footnote what score it would have received. In the five tests that I follow from this lab, Microsoft passed one with a Standard rating and the rest with an Advanced rating. Bitdefender Antivirus Plus 2016 and Kaspersky swept the field, with Advanced+ ratings in all five.

I've recently started following a pair of tests from London-based MRG-Effitas. One attempts to simulate an actual user's experience, testing all components of the antivirus, while the other specifically measures protection against financial malware. Microsoft failed both of these, but then, so did quite a few others.

The more lab tests the better, in my book, and all five of the labs that I follow test Microsoft. Using my new system for aggregating scores, Microsoft rates 7.5 out of a possible 10. Kaspersky is the big winner in this scenario, with 9.7 points.

Poor Score in Hands-On Testing In addition to looking at scores from the independent testing labs, I always do my own hands-on testing. I use a collection of samples that I culled and analyzed from a daily feed supplied by MRG-Effitas—real-world malware.

The moment I opened the folder containing my malware collection, Defender started wiping them out. The only sign of its activity was a tiny slide-in notification stating that Defender found some malware and was removing it. In a couple cases, it reported "potentially harmful software" and asked me to select an action. I chose quarantine in each case.

After a few minutes, it had eliminated 58 percent of the samples. That's the same percentage Avira Antivirus 2016 managed, and it's a bit low. Tested with my previous collection, McAfee and Panda Free Antivirus (2016) both managed 89 percent.

I continued the test by launching each sample and noting how well Defender identified the threat and blocked its installation. Quite a few of the samples installed without a peep from Defender. Its detection rate of 71 percent and score of 6.6 points are among the lowest in products tested with my current sample set and with my previous collection. Webroot SecureAnywhere AntiVirus (2016) and Ashampoo Anti-Virus 2016 detected 100 percent of the current samples.

Just before publication of this review, I learned from Microsoft that Windows Defender does not attempt to detect Adware and some other types of potentially unwanted programs. That explains, in part, the low detection rate. However, I'd rather the antivirus give me a choice whether or not to ignore these lower-level threats.

For this test, I use a feed of very new malicious URLs supplied by MRG-Effitas, typically no more than a day or two old. I note whether the antivirus prevents the browser from reaching the URL, wipes out the executable payload during download, or sits idly doing nothing to protect the system.

Halfway through the test I had the impression that Microsoft didn't even attempt to block access to malware-hosting URLs. Oh, I recorded many, many instances where the download was blocked by SmartScreen filter. By the time I reached 100 verified URLs for testing, I did get to see it block access to the URL, but just twice. That plus 68 instances of blocked downloads gave Microsoft a protection rate of 70 percent, a middling score. Avira managed 99 percent protection, in every case steering the browser away from the dangerous URL. Before Avira's knockout success, the top score was 91 percent, shared by Norton and McAfee.

Note that if you use a different browser you'll have to rely on that browser's own ability to block malicious URLs. However, if a malware download does occur, Windows Defender jumps in to eliminate it.

Surprisingly Good Antiphishing There's a pattern I've seen a lot in my antivirus reviews. The antivirus product uses the same mechanism to track phishing sites and malware-hosting sites. It does a great job against the malicious sites but fails the antiphishing test. Microsoft's story is quite the reverse; it hardly blocked any malicious URLs but did quite well against phishing URLs.

For this test, I collect URLs that have been very recently reported as fraudulent. In most cases, they haven't yet been analyzed and blacklisted. That's important for my test, because phishing URLs are ephemeral. Once the fraudsters have captured login credentials from a few victims, they relocate to a new URL.

With my URL collection in hand, I begin the test by setting up four browsers, one protected by antiphishing whiz Symantec Norton Security Premium, one by the product being tested, and one apiece using the protection built into Chrome and Firefox. Normally I use a fifth browser, one protected by Internet Explorer, but this time IE itself was the product under test.

Looking back at many runs of this test, I see a clear trend. Internet Explorer's scores have been getting better, Chrome has been holding steady, and Firefox has been getting worse. When I tallied the results, I found that Microsoft's detection rate lagged just 17 percent behind Norton's. That's better than the majority of recently tested product, though Avast came in only 1 percent below Norton. Microsoft beat Chrome by 2 percent. And in recent tests, fully half of the products were less successful than Microsoft.

No Need to PayMicrosoft Windows Defender 4.9 is awfully convenient. It's already installed on your Windows 8 or Windows 10 system; all you do is make sure it's turned on. Sometimes, though, you get what you pay for. Microsoft's scores with independent antivirus testing labs are improving, but they're still not tip-top. And in my own hands-on tests it proved mediocre at best.

But don't worry; you don't have to lay out any of your hard-earned cash to get an excellent replacement for this free product. We've identified three Editors' Choice products for free antivirus, Avast Free Antivirus, AVG AntiVirus Free, and Panda Free Antivirus. Best of all, since they're free you can try all three and decide which one suits you best.

PCMag may earn affiliate commissions from the shopping links included on this page. These commissions do not affect how we test, rate or review products. To find out more, read our complete terms of use.

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted by readers. By 1990, he had become PC Magazine's technical editor, and a coast-to-coast telecommuter. His "User to User" column supplied readers with tips...
More »